I've been using slurpd for quite some time now with fairly good results; however, I wanted to take advantage of the newer features in syncrepl, specifically the ability to have the slave push to the master.

I was able to set this up in relatively short order using the example provided in http://www.openldap.org/doc/admin23/syncrepl.html

I start up my slave server and it does indeed grab all the database information from my master; however, I can no longer write to my master server. What am I missing from the documentation?


If I try to add a simple ldif file it fails with the following error:

[root@myserver backups]# ldapadd -f replicator-policy.ldif -x -D cn=root,dc=somedomain,dc=somedomain -W
Enter LDAP Password:
adding new entry "cn=replicate,ou=policies,dc=somedomain,dc=somedomain"
ldapadd: Server is unwilling to perform (53)
        additional info: shadow context; no update referral

If I add an updateref to my slave slapd.conf pointing back to my master server the error changes to this:

[root@myserver backups]# ldapadd -f replicator-policy.ldif -x -D cn=root,dc=somedomain,dc=somedomain -W
Enter LDAP Password:
adding new entry "cn=replicate,ou=policies,dc=somedomain,dc=somedomain"
ldapadd: Referral (10)
        referrals:
                ldap://myserver.aa.bb.cc:389/cn=replicate,ou=policies,dc=somedomain,dc=somedomain


Master syncrepl config
#Syncrepl
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100


Slave syncrepl config
#SYNCREPL SETTINGS
syncrepl rid=357
        provider=ldap://myserver.aa.bb.cc:389
        type=refreshAndPersist
        retry="60 10 300 +"
        searchbase="dc=somedomain,dc=somedomain"
        attrs="*,+"
        bindmethod=simple
        binddn="uid=replicator,ou=people,dc=somedomain,dc=somedomain"
        credentials=replicatorpassword